Fake Facebook friend request, now with hidden iFrame

A slight variation of last week’s Facebook friend request spam email campaign has been spotted targeting the social network’s users, and this one employs a two-pronged method of attack.

The email mimics Facebook’s legitimate friend request message, but a few details might tip the recipient off to the real nature of the email: the picture of the person who wants to be friends with the user is not included, and the recipient’s email address is omitted from the text at the bottom of the email.

But, let’s say that the recipient has been fooled, and he clicks on the “Confirm friend request” button. As in the previous scam, he is taken to a fake Facebook page saying that his version of Macromedia Flash Player is too old to continue, and offering a link for downloading the latest version of the player.

But that’s not all – the page now also includes a hidden iFrame that loads data from a remote server hosting the Blackhole Exploit Kit, say M86 Security researchers.

The exploit kit tries to take advantage of Java vulnerabilities in the recipient’s system and, if it succeeds, it downloads what seems to be a variant of the Zeus banking Trojan.
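A mail gateway, web proxy or analyst can check a fetched page for the kind of hidden iFrame described above. The following Python check is an added example, not code from M86 Security or the original article; the hiding heuristics (zero or 1-pixel size, the `hidden` attribute, common inline styles), the function names and the `.example` hosts are assumptions, since the article does not say how the iFrame was hidden.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics: inline styles commonly used to hide an element.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![\w-])(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)

# Constructed sample page; every host uses the reserved .example TLD.
SAMPLE = """<html><body>
<p>Your version of Flash Player is too old to continue.</p>
<iframe src="http://kit.example/index.php" width="1" height="1"></iframe>
<iframe src="/help.html" width="600" height="400"></iframe>
<iframe src="http://video.example/embed" width="560" height="315"></iframe>
<iframe src="//kit2.example/x" style="visibility: hidden"></iframe>
</body></html>"""


class HiddenIframeFinder(HTMLParser):
    """Collects the URLs of hidden iframes that load from another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname
        if not host or host == urlparse(self.page_url).hostname:
            return  # same-host frames are out of scope for this check
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            self.findings.append(src)


def find_hidden_iframes(html, page_url):
    """Return third-party iframe URLs that the page renders invisibly."""
    finder = HiddenIframeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings
```

The check only sees iFrames present in the static HTML; frames injected by script at load time need a rendered DOM to inspect.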
